Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3493

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3493
Last Modified 07 Mar 2011 09:38:45
Published 10 Jul 2006 06:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3493

Summary

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office Xp


References

XF - office-lscreateline-dos(27617)

VUPEN - ADV-2006-2720

BID - 18905

BUGTRAQ - 20060711 Fuzzing Microsoft Office

BUGTRAQ - 20060710 MS Word Unchecked Boundary Condition Vulnerability

SECTRACK - 1016453

FULLDISC - 20060707 MS Word Unchecked Boundary Condition

MISC - http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx

FULLDISC - 20060707 MS Word Unchecked Boundary Condition Vulnerability - POC

XF - office-lscreateline-code-execution(27617)


Last Updated: 27 May 2016 10:44:52